17:00:28 <LouisF> #startmeeting service_chaining 17:00:29 <openstack> Meeting started Thu Jul 13 17:00:28 2017 UTC and is due to finish in 60 minutes. The chair is LouisF. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:00:30 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 17:00:32 <openstack> The meeting name has been set to 'service_chaining' 17:00:38 <pcarver> hi 17:00:38 <LouisF> hi all 17:00:44 <vks1> hi all 17:01:03 <bcafarel> hello 17:01:08 <LouisF> #topic agenda 17:01:32 <LouisF> https://wiki.openstack.org/wiki/Meetings/ServiceFunctionChainingMeeting 17:02:25 <igordcard> hi all 17:02:26 <LouisF> #topic CLI in python-neutronclient 17:02:32 <LouisF> igordcard: hi 17:02:49 <LouisF> https://review.openstack.org/#/c/409759/ 17:03:29 <LouisF> mohan has updated - please review this 17:03:52 <igordcard> done, lgtm 17:04:15 <LouisF> yeah i'd like this to be wrapped up 17:04:38 <bcafarel> we are probably really close now (I hope) 17:04:38 <LouisF> #topic API reference 17:04:44 <LouisF> bcafarel: yes 17:04:58 <pcarver> I think I've finally made some progress on the API definition. 17:05:05 <LouisF> pcarver: great 17:05:09 <pcarver> I think I was trying to migrate too much before. 17:06:03 <pcarver> I've reduced the amount of code that I'm moving from networking-sfc to neutron-lib and now have a new patch set up that passed tox locally. I haven't check to see if it passed the gate tests yet. 17:06:30 <LouisF> pcarver: thanks 17:07:01 <LouisF> #topic Tap SFC 17:07:14 <LouisF> vks1: what is status? 17:07:40 <vks1> LouisF: I am working on the comment given by igordcard 17:07:45 <vks1> on OVS driver side 17:08:11 <vks1> was consumed in some other task this week most of time 17:09:07 <LouisF> vks1: ok, what is status regarding the CLI syntax? 17:09:36 <vks1> LouisF: will submit both the patch at same time 17:09:46 <LouisF> vks1: ok thanks 17:09:56 <LouisF> #topic SFC graph 17:10:05 <LouisF> igordcard: what is status? 17:10:31 <igordcard> it is finished and it's up for review 17:10:52 <igordcard> does not include OSC support yet (someone else is working on that and it might be 1 week more or so) or Heat 17:11:09 <igordcard> though I have a smaller patch with only the old neutron client so the reviewers can test 17:11:27 <LouisF> igordcard: ok, I had a question on the flow classifiers for the port chains that are included in an sfc graph 17:11:54 <LouisF> igordcard: what is the intended behavior? 17:12:03 <igordcard> LouisF: yes I have been forgetting to check some of the reviews as I've been pulled in too many directions this week 17:12:07 <igordcard> will address asap 17:12:31 <igordcard> but basically LSP/LDP are ignored when chains are part of a graph (except the initial chain) 17:12:41 <igordcard> all other classifications will still be looked up by OVS 17:13:10 <LouisF> how does the fc of source pc work with fc of dest pc? 17:13:29 <igordcard> also, for queens I will need to submit a patch that calls the full flow classifier conflict check (instead of the basic flow classifier conflict check) for chains in a graph 17:13:37 <LouisF> how about the N-tuple values? 17:13:40 <igordcard> otherwise it limits the classifications that can be used in the graph 17:14:19 <igordcard> let's consider that src chain has FC:UDP and dst chain has FC:TCP 17:15:00 <igordcard> traffic will enter dst chain if and only if it is TCP traffic and it came from src chain 17:15:03 <LouisF> so what is behavior? 17:15:52 <igordcard> it knows it came from src chain because a set of flows will be resolved in OVS that map the SPI/SI of the last hop of src chain, to the UDP flow classification that leads to the first hop of dst chain 17:16:30 <LouisF> so if the fc of source pc is UDP then only UDP traffic will egress the source pc - right , no TCP traffic 17:16:54 <igordcard> no necessarily, as functions are free to changing traffic classification due to SFC Encapsulation 17:17:47 <LouisF> igordcard: i don't understand that 17:17:52 <igordcard> if the user has not created a branch to catch non-TCP traffic at the end of the src chain, the traffic should be dropped 17:18:06 <igordcard> if indeed it is not TCP 17:18:27 <igordcard> LouisF: what part exactly does it become less clear? 17:20:37 <LouisF> if source pc1 has a classifier that matches UDP traffic then only UDP traffic will enter pc1 and egress pc1 - there will be no TCP traffic in pc1 17:21:27 <LouisF> so if dest pc2 with fc=TCP is appended to pc1 there will be no TCP traffic to enter pc2 17:21:28 <igordcard> LouisF: oh, egress means "getting into" the chain, right? 17:22:11 <LouisF> igordcard: no, "egress" means leaving pc1 17:22:20 <igordcard> LouisF: ok so I understood correctly 17:23:01 <igordcard> so regarding "then only UDP traffic will enter pc1 and egress pc1" 17:23:16 <LouisF> igordcard: yes 17:23:23 <igordcard> this is where I comment "not necessarily" 17:23:35 <igordcard> necessarily UDP traffic enters pc1 17:23:43 <igordcard> but what comes out can be something else 17:23:53 <igordcard> for the same reason you are submitting the proxy correlation map 17:23:56 <igordcard> non-transparent SFs 17:24:57 <igordcard> and by the way, the combination of proxy correlation map (or exclusive PPGs) with service graphs is excellent 17:25:37 <LouisF> igordcard: ok, you are saying that a SF in pc1 can modify the N-tuple to the traffic egresses from pc1 with a TCP instead of UDP 17:26:23 <LouisF> igordcard: ok, got it - agree it would be a good combination 17:26:28 <igordcard> LouisF: hypothetically... it's a rather stupid example, but yes 17:28:19 <LouisF> ok so the flow classifier values of each dest pc in a SFC graph can take into consideration possible N-tuple changes by SFs in the src pc 17:29:17 <LouisF> igordcard: is would be good to add text to cover some of these scenarios 17:29:37 <LouisF> doonhammer: hi john 17:29:49 <doonhammer> Hi LouisF 17:29:49 <igordcard> LouisF: yes, it can maybe be described as something like "statically-defined dynamic service function chaining" 17:30:38 <igordcard> LouisF: OK I'll look at improving the docs... feel free to leave small hints as comments and I'll expand on each of them 17:31:04 <LouisF> igordcard: one or two examples of SFC graph showing the FC values for src and dest PCs 17:31:05 <igordcard> LouisF: regarding NSH support, I'm resuming the patch now 17:31:28 <igordcard> LouisF: ok 17:31:37 <LouisF> igordcard: ok i will post an example 17:32:17 <LouisF> #OVN work 17:32:25 <LouisF> #topic OVN work 17:32:39 <LouisF> doonhammer: what is current status? 17:33:10 <doonhammer> LouisF: no change swamped on internal tasks 17:33:18 <LouisF> doonhammer: ok, thanks 17:33:38 <LouisF> #topic proxy correlation patch 17:33:49 <LouisF> https://review.openstack.org/#/c/481840/ 17:34:22 <LouisF> i want to clarify this behavior 17:34:24 * igordcard is reading pcarver's comment now 17:35:11 <pcarver> I don't have a strong preference for what's right or wrong, I was just commenting on how I read the proposal 17:36:07 <LouisF> the intention here is for a PPG (which is currently used as a LB group) to be used for mapping of SF instances (of the same SF type) 17:36:41 <LouisF> to different port chains thereby avoiding the need to re-classify 17:37:41 <LouisF> it a PPG is used for this proxy port correlation it will _not_ be used for LB 17:38:03 <pcarver> LouisF: yes, that's my interpretation 17:38:07 <igordcard> LouisF: and that third point is exactly where I don't agree 17:38:08 <LouisF> my last comment on the patch is incorrect - sorry for confusion 17:38:25 <igordcard> LouisF: up until now a Port Pair Group was a very clear, single-purpose resource 17:38:29 <pcarver> that if the SF alters the port tuple then the PPG has to support multiple chains with each chain using only one PP from each PPG 17:38:51 <LouisF> pcarver: correct 17:39:00 <pcarver> I don't know if that's right or wrong, but it's what the spec says as far as I can tell 17:39:00 <igordcard> LouisF: just group a bunch of service function instances and load balance across them, or use some other selection policy that doesn't even exist yet but might in the future 17:39:13 <LouisF> igordcard: correct - that has been the purpose of the PPG 17:39:58 <igordcard> LouisF: creating a proxy correlation map but still calling it PPG essentially destroys the definition of a PPG 17:39:59 <LouisF> igordcard: what i am proposing is the this group of PPs be used for a different purpose 17:40:45 <igordcard> LouisF: right.. and what I proposed todau is to simply allow PPGs to be marked as exclusive (to 1 PC) or not 17:40:54 <LouisF> if a PPG is marked as proxy-port-correlation = true then it has a different behavior 17:41:19 <igordcard> LouisF: because that gives you the same benefits in terms of SFC-proxying, and changes exactly nothing in the meaning of PPG 17:42:28 <igordcard> and the impl is much simpler 17:43:32 <igordcard> question, how do you tackle load balangin + proxy map at the same hop of the chain when using a proxy map correlation PPG? 17:43:38 <igordcard> balancing* 17:43:46 <LouisF> igordcard: but that means each chain must have a separate exclusive PPG 17:45:22 <igordcard> LouisF: well only at the hops where full proxying is required 17:45:23 <LouisF> igordcard: if a PPG is configured for proxy-port-correlation it would not support LB 17:47:37 <igordcard> LouisF: a drawback that should be documented if the proxy map route is followed 17:48:12 <LouisF> igordcard: i will add that text 17:48:48 <igordcard> I really like having the ability to to 1:1 full proxying, but I strongly support doing it in the most consistent way in terms of the API, the abstractions, and the features that are already supported in networking-sfc (LB) 17:48:50 <LouisF> however, the use of an exclusive mechanism also has benefits 17:50:34 <LouisF> suggest we adopt both methods 17:50:43 <igordcard> of course, my proposal also has its drawbacks, as you said: now the same PPG cannot be reused (for the hops that would require full proxying) 17:53:00 <igordcard> not sure I can support the proxy map correlation, but let's continue on the spec then 17:53:12 <igordcard> LouisF: also have to read the referenced draft 17:53:49 <LouisF> igordcard: we can continue in the review 17:55:30 <LouisF> i will add text stating that the PPG can be used for LB or proxy-port-correlation but not both 17:56:07 <LouisF> good discussion 17:56:19 <LouisF> ok, all i have for now 17:56:26 <LouisF> bye all 17:56:38 <igordcard> bye all 17:56:57 <LouisF> #endmeeting